salt/doc/topics/releases/2015.5.10.rst

============================
Salt 2015.5.10 Release Notes
============================

:release: 2015-03-22

Version 2015.5.10 is a bugfix release for :ref:`2015.5.0 <release-2015-5-0>`.


Security Fix
============

**CVE-2016-3176** Insecure configuration of PAM external authentication service

This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM
:ref:`external authentication <acl-eauth>` is enabled. This issue involves
passing an alternative PAM authentication service with a command that is sent
to :ref:`LocalClient <local-client>`, enabling the attacker to bypass the
configured authentication service. Thank you to Dylan Frese <dmfrese@gmail.com>
for bringing this issue to our attention.

This update defines the PAM eAuth ``service`` that users authenticate against
in the Salt Master configuration.

No additional fixes are included in this release.

Read Before Upgrading Debian 8 (Jessie) from Salt Versions Earlier than 2015.5.9
================================================================================

Salt ``systemd`` service files are missing the following statement in these versions:

.. code-block:: ini

    [Service]
    KillMode=process

This statement must be added to successfully upgrade on these earlier versions
of Salt.


Changelog for v2015.5.9..v2015.5.10
===================================

*Generated at: 2018-05-27 22:39:26 UTC*

* 69ba1de71d Remove ability of authenticating user to specify pam service
2015.5.10 release docs 2016-03-23 20:04:29 +00:00			`============================`
			`Salt 2015.5.10 Release Notes`
			`============================`

Fix all Sphinx warnings Well, all but one, which we expect to see 2018-05-28 21:13:12 +00:00			`:release: 2015-03-22`

			Version 2015.5.10 is a bugfix release for :ref:`2015.5.0 <release-2015-5-0>`.


2015.5.10 release docs 2016-03-23 20:04:29 +00:00			`Security Fix`
			`============`

Fix all Sphinx warnings Well, all but one, which we expect to see 2018-05-28 21:13:12 +00:00			`CVE-2016-3176 Insecure configuration of PAM external authentication service`
2015.5.10 release docs 2016-03-23 20:04:29 +00:00
			`This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM`
			:ref:`external authentication <acl-eauth>` is enabled. This issue involves
			`passing an alternative PAM authentication service with a command that is sent`
			to :ref:`LocalClient <local-client>`, enabling the attacker to bypass the
			`configured authentication service. Thank you to Dylan Frese <dmfrese@gmail.com>`
			`for bringing this issue to our attention.`

			This update defines the PAM eAuth ``service`` that users authenticate against
			`in the Salt Master configuration.`

Fix all Sphinx warnings Well, all but one, which we expect to see 2018-05-28 21:13:12 +00:00			`No additional fixes are included in this release.`
Added placeholder release notes for 2015.5.10 Changed old doc links from docs.saltstack.org to docs.saltstack.com 2016-01-22 17:45:32 +00:00
One additional known issue for 2015.5.10 release notes 2016-03-23 21:19:36 +00:00			`Read Before Upgrading Debian 8 (Jessie) from Salt Versions Earlier than 2015.5.9`
			`================================================================================`

			Salt ``systemd`` service files are missing the following statement in these versions:

			`.. code-block:: ini`

			`[Service]`
			`KillMode=process`

			`This statement must be added to successfully upgrade on these earlier versions`
			`of Salt.`

Fix all Sphinx warnings Well, all but one, which we expect to see 2018-05-28 21:13:12 +00:00
			`Changelog for v2015.5.9..v2015.5.10`
			`===================================`

			`Generated at: 2018-05-27 22:39:26 UTC`

			`* 69ba1de71d Remove ability of authenticating user to specify pam service`